MSMTP(1)                    General Commands Manual                   MSMTP(1)

NAME

       msmtp - An SMTP client

SYNOPSIS

       Sendmail mode (default):
              msmtp [option...] [--] recipient...
              msmtp [option...] -t [--] [recipient...]

       Configuration mode:
              msmtp --configure <mailaddress>

       Server information mode:
              msmtp [option...] --serverinfo

       Remote Message Queue Starting mode:
              msmtp [option...] --rmqs=host|@domain|#queue

DESCRIPTION

       In the default sendmail mode, msmtp reads a mail from standard input
       and sends it to an SMTP server for delivery.
       In server information mode, msmtp prints information about an SMTP
       server.
       In Remote Message Queue Starting mode, msmtp sends a Remote Message
       Queue Starting request for a host, domain, or queue to an SMTP server.

EXIT STATUS

       The standard sendmail exit status codes are used, as defined in
       sysexits.h.

OPTIONS

       Options override configuration file settings.
       They are compatible with sendmail where appropriate.

       General options

              --version
                     Print version information, including information about
                     the libraries used.

              --help Print help.

              -P, --pretend
                     Print the configuration settings that would be used, but
                     do not take further action. An asterisk (`*') will be
                     printed instead of your password.

              -v, -d, --debug
                     Print lots of debugging information, including the whole
                     conversation with the SMTP server. Be careful with this
                     option: the (potentially dangerous) output will not be
                     sanitized, and your password may get printed in an easily
                     decodable format!
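
Added example (not part of the msmtp manual or the project's code): a filter that redacts SASL payloads from saved --debug output before it is shared, plus a decoder showing why a PLAIN token counts as easily decodable. The "-->" and "<--" line prefixes and the sample session are assumptions constructed for illustration.

```python
import base64
import re

CLIENT = "--> "   # assumed prefix of client-to-server lines in the debug output
SERVER = "<-- "   # assumed prefix of server-to-client lines
REDACTED = "[REDACTED]"
# "AUTH <mechanism>" optionally followed by an initial response
AUTH_CMD = re.compile(r"(AUTH\s+\S+)(\s+\S.*)?$", re.IGNORECASE)


def decode_plain(token):
    """Decode an AUTH PLAIN token into (authzid, user, password)."""
    authzid, user, password = base64.b64decode(token).split(b"\0", 2)
    return authzid.decode(), user.decode(), password.decode()


def sanitize_debug(lines):
    """Return the debug lines with every SASL payload replaced by [REDACTED]."""
    out, in_auth = [], False
    for line in lines:
        text = line.rstrip("\r\n")
        if text.startswith(CLIENT):
            match = AUTH_CMD.match(text[len(CLIENT):])
            if match:
                # Keep the mechanism name, drop the initial response if any.
                in_auth = True
                tail = " " + REDACTED if match.group(2) else ""
                text = CLIENT + match.group(1) + tail
            elif in_auth:
                # Any client line inside the exchange is credential material.
                text = CLIENT + REDACTED
        elif text.startswith(SERVER) and in_auth:
            if text[len(SERVER):].startswith("334"):
                # 334 is a challenge; SCRAM challenges carry salt, so hide it.
                text = SERVER + "334 " + REDACTED
            else:
                # Any other reply (235, 535, ...) ends the exchange.
                in_auth = False
        out.append(text)
    return out


# Constructed sample: two authentication exchanges, no real credentials.
SECRET = "not-a-real-password"
PLAIN_TOKEN = base64.b64encode(b"\0joe.smith\0" + SECRET.encode()).decode()
SAMPLE = [
    "<-- 250-AUTH PLAIN LOGIN",
    "--> AUTH PLAIN " + PLAIN_TOKEN,
    "<-- 535 authentication failed",
    "--> AUTH LOGIN",
    "<-- 334 VXNlcm5hbWU6",
    "--> " + base64.b64encode(b"joe.smith").decode(),
    "<-- 334 UGFzc3dvcmQ6",
    "--> " + base64.b64encode(SECRET.encode()).decode(),
    "<-- 235 authentication successful",
    "--> MAIL FROM:<joe.smith@freemail.example>",
]

if __name__ == "__main__":
    print(decode_plain(PLAIN_TOKEN))
    print("\n".join(sanitize_debug(SAMPLE)))
```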

       Changing the mode of operation

              --configure=mailaddress
                     Generate a configuration for the given mail address and
                     print it. This can be modified or copied unchanged to the
                     configuration file. Note that this only works for mail
                     domains that publish appropriate SRV records; see RFC
                     8314.

              -S, --serverinfo
                     Print information about the SMTP server and exit. This
                     includes information about supported features (mail size
                     limit, authentication, TLS, DSN, ...) and about the TLS
                     certificate (if TLS is active).

              --rmqs=(host|@domain|#queue)
                     Send a Remote Message Queue Starting request for the
                     given host, domain, or queue to the SMTP server and exit.

       Configuration options

              -C, --file=filename
                     Use the given file instead of ~/.msmtprc or
                     $XDG_CONFIG_HOME/msmtp/config as the user configuration
                     file.

              -a, --account=account_name
                     Use the given account instead of the account named
                     "default". The settings of this account may be changed
                     with command line options. This option cannot be used
                     together with the --host option.

              --host=hostname
                     Use this SMTP server with settings from the command line;
                     do not use any configuration file data. This option
                     cannot be used together with the --account option.

              --port=number
                     Set the port number to connect to. See the port command.

              --source-ip=[IP]
                     Set or unset an IP address to bind the socket to. See the
                     source_ip command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host
                     command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the
                     proxy_port command.

              --socket=[socketname]
                     Set or unset a local unix domain socket name to connect
                     to. See the socket command.

              --timeout=(off|seconds)
                     Set or unset a network timeout, in seconds. See the
                     timeout command.

              --protocol=(smtp|lmtp)
                     Set the protocol. See the protocol command.

              --domain=[string]
                     Set the argument of the SMTP EHLO (or LMTP LHLO) command.
                     See the domain command.

              --auth[=(on|off|method)]
                     Enable or disable authentication and optionally choose
                     the method. See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the
                     user command.

              --passwordeval=[eval]
                     Evaluate password for authentication. See the
                     passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls
                     command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file
                     command.

              --tls-crl-file=[file]
                     Deprecated. Set or unset a certificate revocation list
                     (CRL) file for TLS. See the tls_crl_file command.

              --tls-fingerprint=[fingerprint]
                     Set or unset the fingerprint of a trusted TLS
                     certificate. See the tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file
                     command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file
                     command.

              --tls-certcheck[=(on|off)]
                     Enable or disable server certificate checks for TLS. See
                     the tls_certcheck command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities
                     command.

              --tls-host-override=[host]
                     Set or unset override for TLS host verification. See the
                     tls_host_override command.

              --tls-min-dh-prime-bits=[bits]
                     Deprecated, use --tls-priorities instead. Set or unset
                     minimum bit size of the Diffie-Hellman (DH) prime. See
                     the tls_min_dh_prime_bits command.

       Options specific to sendmail mode

              -f, --from=address
                     Set the envelope-from address.
                     If no account was chosen yet (with --account or --host),
                     this option will choose the first account that has the
                     given envelope-from address (set with the from command).
                     If no such account is found, "default" is used.
                     See the from and allow_from_override commands.

              -N, --dsn-notify=(off|cond)
                     Set or unset DSN notification conditions. See the
                     dsn_notify command.

              -R, --dsn-return=(off|ret)
                     Set or unset the DSN notification amount. See the
                     dsn_return command. Note that hdrs is accepted as an
                     alias for headers to be compatible with sendmail.

              --set-from-header[=(auto|on|off)]
                     Set From header handling. See the set_from_header
                     command.

              --set-date-header[=(auto|off)]
                     Set Date header handling. See the set_date_header
                     command.

              --remove-bcc-headers[=(on|off)]
                     Enable or disable the removal of Bcc headers. See the
                     remove_bcc_headers command.

              --undisclosed-recipients[=(on|off)]
                     Enable or disable the replacement of To/Cc/Bcc with "To:
                     undisclosed-recipients:;". See the
                     undisclosed_recipients command.

              -X, --logfile=[file]
                     Set or unset the log file. See the logfile command.

              --logfile-time-format=[fmt]
                     Set or unset the log file time format. See the
                     logfile_time_format command.

              --syslog[=(on|off|facility)]
                     Enable or disable syslog logging. See the syslog command.

              -t, --read-recipients
                     Read recipient addresses from the To, Cc, and Bcc headers
                     of the mail in addition to the recipients given on the
                     command line. If any Resent- headers are present, then
                     the addresses from any Resent-To, Resent-Cc, and
                     Resent-Bcc headers in the first block of Resent- headers
                     are used instead.

              --read-envelope-from
                     Read the envelope from address from the From header of
                     the mail.

              --aliases=[file]
                     Set or unset an aliases file. See the aliases command.

              -Fname Msmtp adds a From header to mails that lack it, using the
                     envelope from address. This option allows one to set a
                     full name to be used in that header.

              --auto-from[=(on|off)]
                     Obsolete. See the auto_from command.

              --maildomain=[domain]
                     Obsolete. See the maildomain command.

              --     This marks the end of options. All following arguments
                     will be treated as recipient addresses, even if they
                     start with a `-'.

       The following options are accepted but ignored for sendmail
       compatibility:
       -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value

USAGE

       A suggestion for a suitable configuration file can be generated using
       the --configure option. Normally, a system wide configuration file
       and/or a user configuration file contain information about which SMTP
       server to use and how to use it, but all settings can also be
       configured on the command line.
       The information about SMTP servers is organized in accounts. Each
       account describes one SMTP server: host name, authentication settings,
       TLS settings, and so on. Each configuration file can define multiple
       accounts.

       The user can choose which account to use in one of three ways:

       --account=id
              Use the given account. Command line settings override
              configuration file settings.

       --host=hostname
              Use only the settings from the command line; do not use any
              configuration file data.

       --from=address or --read-envelope-from
              Choose the first account from the system or user configuration
              file that has a matching envelope-from address as specified by a
              from command. This works only when neither --account nor --host
              is used.
              Subaddresses are supported. For example, the envelope from
              address user+detail@example.com will match the account for
              user@example.com.
              Furthermore, the envelope-from address of the account may be a
              wildcard pattern. See the from command.

       If none of the above options is used (or if no account has a matching
       from command), then the account "default" is used.

       Msmtp transmits mails unaltered to the SMTP server, with the following
       exceptions:
       - The Bcc header(s) will be removed. This behavior can be changed with
         the remove_bcc_headers command and --remove-bcc-headers option.
       - A From header will be added if the mail does not have one. This can
         be changed with the set_from_header command and --set-from-header
         option. The header will use the envelope from address and optionally
         a full name set with the -F option.
       - A Date header will be added if the mail does not have one. This can
         be changed with the set_date_header command and --set-date-header
         option.
       - When undisclosed_recipients is set, the original To, Cc, and Bcc
         headers are removed and replaced with "To: undisclosed-recipients:;".

       Skip to the EXAMPLES section for a quick start.

CONFIGURATION FILES

       If it exists and is readable, a system wide configuration file
       SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
       platform. Use --version to find out which directory is used.
       If it exists and is readable, a user configuration file will be loaded
       (~/.msmtprc will be tried first followed by
       $XDG_CONFIG_HOME/msmtp/config by default, but see --version). Accounts
       defined in the user configuration file override accounts from the
       system configuration file.
       Configuration data from either file can be changed by command line
       options.

       A configuration file is a simple text file. Empty lines and comment
       lines (whose first non-blank character is `#') are ignored.
       Every other line must contain a command and may contain an argument to
       that command.
       The argument may be enclosed in double quotes ("), for example if its
       first or last character is a blank.
       If a file name starts with the tilde (~), this tilde will be replaced
       by $HOME. If a command accepts the argument on, it also accepts an
       empty argument and treats that as if it was on.
       Commands are organized in accounts. Each account starts with the
       account command and defines the settings for one SMTP account.

       Skip to the EXAMPLES section for a quick start.

       Commands are as follows:

       defaults
              Set defaults. The following configuration commands will set
              default values for all following account definitions in the
              current configuration file.

       account name [:account[,...]]
              Start a new account definition with the given name. The current
              default values are filled in.
              If a colon and a list of previously defined accounts is given
              after the account name, the new account, with the filled in
              default values, will inherit all settings from the accounts in
              the list.

       host hostname
              The SMTP server to send the mail to. The argument may be a host
              name or a network address. Every account definition must
              contain this command.

       port number
              The port that the SMTP server listens on. The default is 25
              ("smtp"), unless TLS without STARTTLS is used, in which case it
              is 465 ("smtps").

       source_ip [IP]
              Set a source IP address to bind the outgoing connection to.
              Useful only in special cases on multi-home systems. An empty
              argument disables this.

       proxy_host [IP|hostname]
              Use a SOCKS proxy. All network traffic will go through this
              proxy host, including DNS queries, except for a DNS query that
              might be necessary to resolve the proxy host name itself (this
              can be avoided by using an IP address as proxy host name). An
              empty hostname argument disables proxy usage. The supported
              SOCKS protocol version is 5. If you want to use this with Tor,
              see also "Using msmtp with Tor" below.

       proxy_port [number]
              Set the port number for the proxy host. An empty number argument
              resets this to the default port.

       socket socketname
              Set the file name of a unix domain socket to connect to. This
              overrides both host/port and proxy_host/proxy_port.

       timeout (off|seconds)
              Set or unset a network timeout, in seconds. The argument off
              means that no timeout will be set, which means that the
              operating system default will be used.

       protocol (smtp|lmtp)
              Set the protocol to use. Currently only SMTP and LMTP are
              supported. SMTP is the default. See the port command above for
              default ports.

       domain argument
              Use this command to set the argument of the SMTP EHLO (or LMTP
              LHLO) command. The default is localhost, which is stupid but
              usually works. Try to change the default if mails get rejected
              due to anti-SPAM measures. Possible choices are the domain part
              of your mail address (provider.example for joe@provider.example)
              or the fully qualified domain name of your host (if available).
              The following substitution patterns are supported:
              %H will be replaced by $HOSTNAME, or if that fails by the host
              name of the system.
              %C will be replaced by the canonical name of %H.
              %M will be replaced by the contents of /etc/mailname
              (potentially a different directory is used depending on the
              build configuration; see the output of msmtp --version and look
              for the location of the system configuration file).

       auth [(on|off|method)]
              Enable or disable authentication and optionally choose a method
              to use. The argument on chooses a method automatically.
              Usually a user name and a password are used for authentication.
              The user name is specified in the configuration file with the
              user command. There are five different methods to specify the
              password:
              1. Add the password to the system key ring. Currently supported
              key rings are the Gnome key ring and the Mac OS X Keychain. For
              the Gnome key ring, use the command secret-tool (part of Gnome's
              libsecret) to store passwords: secret-tool store --label=msmtp
              host mail.freemail.example service smtp user joe.smith. On Mac
              OS X, use the following command: security add-internet-password
              -s mail.freemail.example -r smtp -a joe.smith -w. In both
              examples, replace mail.freemail.example with the SMTP server
              name, and joe.smith with your user name.
              2. Store the password in an encrypted file, and use
              passwordeval to specify a command to decrypt that file, e.g.
              using GnuPG. See EXAMPLES.
              3. Store the password in the configuration file using the
              password command. (Usually it is not considered a good idea to
              store passwords in cleartext files. If you do it anyway, you
              must make sure that the file can only be read by yourself.)
              4. Store the password in ~/.netrc. This method is probably
              obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple authentication methods exist. Most servers support only
              some of them. Historically, sophisticated methods were
              developed to protect passwords from being sent unencrypted to
              the server, but nowadays everybody needs TLS anyway, so the
              simple methods suffice since the whole session is protected. A
              suitable authentication method is chosen automatically, and when
              TLS is disabled for some reason, only methods that avoid sending
              cleartext passwords are considered.
              The following user / password methods are supported: plain (a
              simple cleartext method, with base64 encoding, supported by
              almost all servers), scram-sha-1 (a method that avoids cleartext
              passwords), scram-sha-256 (same but with stronger hash),
              cram-md5 (an obsolete method that avoids cleartext passwords,
              but is not considered secure anymore), digest-md5 (an
              overcomplicated obsolete method that avoids cleartext passwords,
              but is not considered secure anymore), login (a non-standard
              cleartext method similar to but worse than the plain method),
              ntlm (an obscure non-standard method that is now considered
              broken; it sometimes requires a special domain parameter passed
              via ntlmdomain).
              There are currently three authentication methods that are not
              based on user / password information and have to be chosen
              manually: oauthbearer or its predecessor xoauth2 (an OAuth2
              token from the mail provider is used as the password. See the
              documentation of your mail provider for details on how to get
              this token. The passwordeval command can be used to pass the
              regularly changing tokens into msmtp from a script or an
              environment variable), external (the authentication happens
              outside of the protocol, typically by sending a TLS client
              certificate, and the method merely confirms that this
              authentication succeeded), and gssapi (the Kerberos framework
              takes care of secure authentication, only a user name is
              required).
              It depends on the underlying authentication library and its
              version whether a particular method is supported or not. Use
              --version to find out which methods are supported.

       user login
              Set the user name for authentication. An empty argument unsets
              the user name.

       password secret
              Set the password for authentication. An empty argument unsets
              the password. Consider using the passwordeval command or a key
              ring instead of this command, to avoid storing cleartext
              passwords in the configuration file.

       passwordeval [eval]
              Set the password for authentication to the output (stdout) of
              the command eval. This can be used e.g. to decrypt password
              files on the fly or to query key rings, and thus to avoid
              storing cleartext passwords.
              Note that the eval command must not mess with standard input
              (stdin) because that is where msmtp reads the mail from. If in
              doubt, append </dev/null to eval.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is
              obsolete.

       tls [(on|off)]
              Enable or disable TLS (also known as SSL) for secured
              connections.
              Transport Layer Security (TLS) "... provides communications
              privacy over the Internet. The protocol allows client/server
              applications to communicate in a way that is designed to prevent
              eavesdropping, tampering, or message forgery" (quote from
              RFC2246).
              A server can use TLS in one of two modes: via a STARTTLS command
              (the session starts with the normal protocol initialization, and
              TLS is then started using the protocol's STARTTLS command), or
              immediately (TLS is initialized before the normal protocol
              initialization; this requires a separate port). The first mode
              is the default, but you can switch to the second mode by
              disabling tls_starttls.
              When TLS is started, the server sends a certificate to identify
              itself. To verify the server identity, a client program is
              expected to check that the certificate is formally correct and
              that it was issued by a Certificate Authority (CA) that the user
              trusts. (There can also be certificate chains with intermediate
              CAs.)
              The list of trusted CAs is specified using the tls_trust_file
              command. The default value is "system" and chooses the
              system-wide default, but you can also choose the trusted CAs
              yourself.
              A fundamental problem with this is that you need to trust CAs.
              Like any other organization, a CA can be incompetent, malicious,
              subverted by bad people, or forced by government agencies to
              compromise end users without telling them. All of these things
              happened and continue to happen worldwide. The idea to have
              central organizations that have to be trusted for your
              communication to be secure is fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a
              single certificate for the server you want to connect to. For
              that purpose, specify the certificate fingerprint with
              tls_fingerprint. This makes sure that no man-in-the-middle can
              fake the identity of the server by presenting you a fraudulent
              certificate issued by some CA that happens to be in your trust
              list. However, you have to update the fingerprint whenever the
              server certificate changes, and you have to make sure that the
              change is legitimate each time, e.g. when the old certificate
              expired. This is inconvenient, but it's the price to pay.
              Information about a server certificate can be obtained with
              --serverinfo --tls --tls-certcheck=off. This includes the issuer
              CA of the certificate (so you can trust that CA via
              tls_trust_file), and the fingerprint of the certificate (so you
              can trust that particular certificate via tls_fingerprint).
              TLS also allows the server to verify the identity of the client.
              For this purpose, the client has to present a certificate issued
              by a CA that the server trusts. To present that certificate, the
              client also needs the matching key file. You can set the
              certificate and key files using tls_cert_file and tls_key_file.
              This mechanism can also be used to authenticate users, so that
              traditional user / password authentication is not necessary
              anymore. See the external mechanism in auth.
              You can also use client certificates stored on some external
              authentication device by specifying GnuTLS device URIs in
              tls_cert_file and tls_key_file. You can find the correct URIs
              using p11tool --list-privkeys --login (p11tool is bundled with
              GnuTLS). If your device requires a PIN to access the data, you
              can specify that using one of the password mechanisms (e.g.
              passwordeval, password).

       tls_starttls [(on|off)]
              Choose the TLS variant: start TLS from within the session (on,
              default), or tunnel the session through TLS (off).

       tls_trust_file file
              Activate server certificate verification using a list of trusted
              Certification Authorities (CAs). The default is the special
              value "system", which selects the system default. An empty
              argument disables trust in CAs. If you select a file, it must be
              in PEM format, and you should also use tls_crl_file.

       tls_crl_file [file]
              Deprecated. This sets a certificate revocation list (CRL) file
              for TLS, to check for revoked certificates (an empty argument,
              which is the default, disables this). Nowadays automatic OCSP
              checks replace CRL file checks.

       tls_fingerprint [fingerprint]
              Set the fingerprint of a single certificate to accept for TLS.
              This certificate will be trusted regardless of its contents
              (this overrides tls_trust_file). The fingerprint should be of
              type SHA256, but can for backwards compatibility also be of type
              SHA1 or MD5 (please avoid this). The format should be
              01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
              --tls-fingerprint= to get the server certificate fingerprint.

       tls_key_file file
              Send a client certificate to the server (use this together with
              tls_cert_file). The file must contain the private key of a
              certificate in PEM format. An empty argument disables this
              feature.

       tls_cert_file file
              Send a client certificate to the server (use this together with
              tls_key_file). The file must contain a certificate in PEM
              format. An empty argument disables this feature.

       tls_certcheck [(on|off)]
              Enable or disable checks of the server certificate. They are
              enabled by default. Disabling them will override tls_trust_file
              and tls_fingerprint. WARNING: When the checks are disabled, TLS
              sessions will not be secure!

       tls_priorities [priorities]
              Set priorities for TLS session parameters. The default is set by
              the TLS library and can be selected by using an empty argument
              to this command. The interpretation of the priorities string
              depends on the TLS library. Use --version to find out which TLS
              library you use.
              For GnuTLS, see the section on Priority Strings in the manual.
              For libtls, the priorities string is a space-separated list of
              parameter strings prefixed with either PROTOCOLS=, CIPHERS=, or
              ECDHECURVES=. These parameter strings will be passed to the
              functions tls_config_parse_protocols, tls_config_set_ciphers,
              and tls_config_set_ecdhecurves. Unrecognized parts of the
              priorities string will be ignored. Example: "PROTOCOLS=TLSv1.3
              CIPHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".

       tls_host_override [host]
              By default, TLS host verification uses the host name given by
              the host command. This command allows one to use a different
              host name for verification. This is only useful in special
              cases.

       tls_min_dh_prime_bits [bits]
              Deprecated, use tls_priorities instead. Set or unset the minimum
              number of Diffie-Hellman (DH) prime bits accepted for TLS
              sessions. The default is set by the TLS library and can be
              selected by using an empty argument to this command. Only lower
              the default (for example to 512 bits) if there is no other way
              to make TLS work with the remote server.

       from envelope_from
              Set the envelope-from address. The following substitution
              patterns are supported:
              %U will be replaced by $USER, or if that fails by $LOGNAME, or
              if that fails by the login name of the user running msmtp.
              %H will be replaced by $HOSTNAME, or if that fails by the host
              name of the system.
              %C will be replaced by the canonical name of %H.
              %M will be replaced by the contents of /etc/mailname
              (potentially a different directory is used depending on the
              build configuration; see the output of msmtp --version and look
              for the location of the system configuration file).
              Note that the obsolete auto_from command replaces this
              envelope-from address.
              To enforce the use of this envelope-from address and ignore the
              -f / --from option, see the allow_from_override command.
              Furthermore, the envelope-from address may be a wildcard pattern
              as used for file name matching in the shell. This is the case if
              it contains one of the characters ?, * or [. This allows a
              variety of envelope-from addresses given with the --from option
              to match a single account.

       allow_from_override (on|off)
              By default, the --from option overrides the from command. Set
              to off to disable this.

       dsn_notify (off|condition)
              This command sets the condition(s) under which the mail system
              should send DSN (Delivery Status Notification) messages. The
              argument off disables explicit DSN requests, which means the
              mail system decides when to send DSN messages. This is the
              default. The condition must be never, to never request
              notification, or a comma separated list (no spaces!) of one or
              more of the following: failure, to request notification on
              transmission failure, delay, to be notified of message delays,
              success, to be notified of successful transmission. The SMTP
              server must support the DSN extension.

       dsn_return (off|amount)
              This command controls how much of a mail should be returned in
              DSN (Delivery Status Notification) messages. The argument off
              disables explicit DSN requests, which means the mail system
              decides how much of a mail it returns in DSN messages. This is
              the default. The amount must be headers, to just return the
              message headers, or full, to return the full mail. The SMTP
              server must support the DSN extension.

       set_from_header [(auto|on|off)]
              When to set a From header: auto adds a From header if the mail
              does not have one (this is the default), on always sets a From
              header and overrides any existing one, and off never sets a From
              header.
              If the mail server rejects the mail because its From header does
              not match the envelope-from address (a common anti-spam
              measure), then you might want to set this option to on.
              The From header is created based on the envelope-from address.
              Disable allow_from_override to prevent programs from setting
              their own envelope-from address.
              For compatibility with older versions, add_missing_from_header
              [(on|off)] is still supported and corresponds to the auto and
              off settings.

       set_date_header [(auto|off)]
              When to set a Date header: auto adds a Date header if the mail
              does not have one (this is the default), and off never sets a
              Date header.
              For compatibility with older versions, add_missing_date_header
              [(on|off)] is still supported and corresponds to the auto and
              off settings.

       remove_bcc_headers [(on|off)]
              This command controls whether to remove Bcc headers. The default
              is to remove them.

       undisclosed_recipients [(on|off)]
              When set, the original To, Cc, and Bcc headers of the mail are
              removed and a single new header line "To:
              undisclosed-recipients:;" is added. The default setting is off.

       logfile [file]
              An empty argument disables logging (this is the default).
              When logging is enabled by choosing a log file, msmtp will
              append one line to the log file for each mail it tries to send
              via the account that this log file was chosen for.
              The line will include the following information: date and time
              in the format specified by logfile_time_format, host name of the
              SMTP server, whether TLS was used, whether authentication was
              used, authentication user name (only if authentication is used),
              envelope-from address, recipient addresses, size of the mail as
              transferred to the server (only if the delivery succeeded), SMTP
              status code and SMTP error message (only in case of failure and
              only if available), error message (only in case of failure and
              only if available), exit code (from sysexits.h; EX_OK indicates
              success).
              If the filename is a dash (-), msmtp prints the log line to the
              standard output.

       logfile_time_format [fmt]
              Set or unset the log file time format. This will be used as the
              format string for the strftime() function. An empty argument
              chooses the default ("%b %d %H:%M:%S").

       syslog [(on|off|facility)]
              Enable or disable syslog logging. The facility can be one of
              LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
              LOG_USER.
              Each time msmtp tries to send a mail via the account that
              contains this syslog command, it will log one entry to the
              syslog service with the chosen facility.
              The line will include the following information: host name of
              the SMTP server, whether TLS was used, whether authentication
              was used, envelope-from address, recipient addresses, size of
              the mail as transferred to the server (only if the delivery
              succeeded), SMTP status code and SMTP error message (only in
              case of failure and only if available), error message (only in
              case of failure and only if available), exit code (from
              sysexits.h; EX_OK indicates success).
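
The log fields listed for logfile and syslog are enough to review deliveries for missing TLS and failed sends. The following is an added example, not part of msmtp or its documentation; the key=value layout (host=, tls=, auth=, exitcode= and so on), the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines. The key=value layout is an assumption about the
# log format; the man page only lists which pieces of information appear.
SAMPLE_LOG = """\
Mar 01 09:12:44 host=smtp.freemail.example tls=on auth=on user=joe.smith from=joe_smith@freemail.example recipients=jane_chang@example.com,mark_jones@example.com mailsize=2140 exitcode=EX_OK
Mar 01 09:13:02 host=mail.isp.example tls=off auth=on user=12345 from=smithjoe@isp.example recipients=jane_chang@example.com mailsize=980 exitcode=EX_OK
Mar 01 09:15:10 host=smtp.freemail.example tls=on auth=on user=joe.smith from=joe_smith@freemail.example recipients=jane_chang@example.com smtpstatus=535 smtpmsg='535 authentication failed' errormsg='authentication failed (method PLAIN)' exitcode=EX_NOPERM
"""

# A value is either a single-quoted message or a run of non-space characters.
FIELD = re.compile(r"(\w+)=('[^']*'|\S+)")

def parse_line(line):
    """Split one log line into a dict; None if it carries no host= field."""
    stamp, sep, rest = line.partition("host=")
    if not sep:
        return None
    record = {key: value.strip("'") for key, value in FIELD.findall(sep + rest)}
    record["time"] = stamp.strip()  # empty for syslog entries, which have no date
    record["recipients"] = record.get("recipients", "").split(",")
    return record

def review(text):
    """Return (line_number, finding) pairs for deliveries worth a second look."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        record = parse_line(line)
        if record is None:
            continue
        if record.get("tls") != "on":
            # Credentials crossed the network unprotected if auth was used.
            exposed = record.get("auth") == "on"
            findings.append((number, "auth-without-tls" if exposed else "no-tls"))
        if record.get("exitcode") != "EX_OK":
            findings.append((number, "failed:" + record.get("smtpstatus", "-")))
    return findings

if __name__ == "__main__":
    for number, finding in review(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```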

       aliases [file]
              Replace local recipients with addresses in the aliases file.
              The aliases file is a cleartext file containing mappings between
              a local address and a list of replacement addresses. The
              mappings are of the form:
                  local: someone@example.com, person@domain.example
              Multiple replacement addresses are separated with commas.
              Comments start with `#' and continue to the end of the line.
              The local address default has special significance and is
              matched if the local address is not found in the aliases file.
              If no default alias is found, then the local address is left as
              is.
              An empty argument to the aliases command disables the
              replacement of local addresses. This is the default.

       auto_from [(on|off)]
              Obsolete; you can achieve the same and more using the
              substitution patterns of the from command.
              Enable or disable automatic envelope-from addresses. The default
              is off. When enabled, an envelope-from address of the form
              user@domain will be generated. The local part will be set to
              USER or, if that fails, to LOGNAME or, if that fails, to the
              login name of the current user. The domain part can be set with
              the maildomain command. If the maildomain is empty, the
              envelope-from address will only consist of the user name and not
              have a domain part. When auto_from is disabled, the
              envelope-from address must be set explicitly.

       maildomain [domain]
              Obsolete; you can achieve the same and more using the
              substitution patterns of the from command.
              Set a domain part for the generation of an envelope-from
              address. This is only used when auto_from is on. The domain may
              be empty.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.msmtprc
       #
       # This file focusses on TLS and authentication. Features not used here
       # include logging, timeouts, SOCKS proxies, TLS parameters, Delivery
       # Status Notification (DSN) settings, and more.

       # Set default values for all following accounts.
       defaults

       # Use the mail submission port 587 instead of the SMTP port 25.
       port 587

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. The default is to use system
       # settings, but you can select your own file.
       #tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # A freemail service
       account freemail

       # Host name of the SMTP server
       host smtp.freemail.example

       # As an alternative to tls_trust_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when
       # the server certificate changes, but an attacker cannot trick you into
       # accepting a fraudulent certificate. Get the fingerprint with
       # $ msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.freemail.example
       #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Envelope-from address
       from joe_smith@freemail.example

       # Authentication. The password is given using one of five methods, see
       # below.
       auth on
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let
       # msmtp get it automatically. To set the keyring password using Gnome's
       # libsecret:
       # $ secret-tool store --label=msmtp \
       #   host smtp.freemail.example \
       #   service smtp \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell
       # msmtp which command to use to decrypt it. This is usually used with
       # GnuPG, as in this example. Usually gpg-agent will ask once for the
       # decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg

       # Password method 3: Store the password directly in this file. Usually
       # it is not a good idea to store passwords in cleartext files. If you
       # do it anyway, at least make sure that this file can only be read by
       # yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is
       # probably not relevant anymore.

       # Password method 5: Do not specify a password. Msmtp will then prompt
       # you for it. This means you need to be able to type into a terminal
       # when msmtp runs.

       # A second mail address at the same freemail service
       account freemail2 : freemail
       from joey@freemail.example

       # The SMTP server of your ISP
       account isp
       host mail.isp.example
       from smithjoe@isp.example
       auth on
       user 12345

       # Set a default account
       account default : freemail
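
A lint pass over an msmtprc for the settings this page warns about: disabled tls_certcheck, SHA1 or MD5 fingerprints, an empty tls_trust_file with no pinned fingerprint, and cleartext password lines. This is an added example, not part of msmtp or its documentation; the function names, finding labels and sample configuration are constructed for illustration, and the parser assumes only the `defaults` / `account name : parent` structure shown in the example above.

```python
import re

# Digest sizes in bytes for the fingerprint types the man page names.
FP_TYPES = {32: "SHA256", 20: "SHA1", 16: "MD5"}

# Constructed sample, modelled on the ~/.msmtprc example above.
SAMPLE = """\
defaults
tls on
account freemail
host smtp.freemail.example
tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
account isp
host mail.isp.example
tls_certcheck off
password secret123
account legacy : isp
tls off
"""

def parse_msmtprc(text):
    """Return {account: settings}, applying `defaults` and `account x : parent`."""
    defaults, accounts, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        cmd, arg = fields[0], (fields[1].strip().strip('"') if len(fields) > 1 else "")
        if cmd == "defaults":
            current = defaults
        elif cmd == "account":
            name, _, parents = arg.partition(":")
            current = dict(defaults)          # defaults seen so far
            for parent in filter(None, map(str.strip, parents.split(","))):
                current.update(accounts[parent])  # inherited settings
            accounts[name.strip()] = current
        elif current is not None:
            current[cmd] = arg
    return accounts

def fingerprint_type(value):
    """Classify a colon-separated hex fingerprint; None if malformed."""
    octets = value.split(":")
    if not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        return None
    return FP_TYPES.get(len(octets))

def audit(text):
    """Return (account, finding) pairs for settings the man page warns about."""
    findings = []
    for name, s in parse_msmtprc(text).items():
        fp = s.get("tls_fingerprint", "")
        kind = fingerprint_type(fp)
        checks = [
            (s.get("tls") in (None, "off"), "tls-not-enabled"),
            (s.get("tls_certcheck") == "off", "certcheck-off"),
            (bool(fp) and kind != "SHA256", f"fingerprint-{kind or 'malformed'}"),
            (not fp and s.get("tls_trust_file") == "", "no-trust-anchor"),
            (bool(s.get("password")), "cleartext-password"),
        ]
        findings += [(name, label) for hit, label in checks if hit]
    return findings
```

The 20-octet fingerprint used in the man page's own example is SHA1-sized, so `audit(SAMPLE)` reports it for the `freemail` account; `legacy` inherits both findings from `isp` and adds its own.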


       Using msmtp with Mutt

       Create a configuration file for msmtp and add the following lines to
       your Mutt configuration file:
       set sendmail="/path/to/msmtp"
       set use_from=yes
       set realname="Your Name"
       set from=you@example.com
       set envelope_from=yes
       The envelope_from=yes option lets Mutt use the -f option of msmtp.
       Therefore msmtp chooses the first account that matches the from address
       you@example.com.
       Alternatively, you can use the -a option:
       set sendmail="/path/to/msmtp -a my-account"
       Or set everything from the command line (but note that you cannot set a
       password this way):
       set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls --tls-trust-file=trust.crt"

       If you have multiple mail accounts in your msmtp configuration file and
       let Mutt use the -f option to choose the right one, you can easily
       switch accounts in Mutt with the following Mutt configuration lines:
       macro generic "<esc>1" ":set from=you@example.com"
       macro generic "<esc>2" ":set from=you@your-employer.example"
       macro generic "<esc>3" ":set from=you@some-other-provider.example"


       Using msmtp with mail

       Define a default account, and put the following in your ~/.mailrc:
       set sendmail="/path/to/msmtp"


       Using msmtp with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use an IP address as proxy host name, so that msmtp does not leak a DNS
       query when resolving it.
       TLS is required to prevent exit hosts from reading your SMTP session.
       Do not set domain to something that you do not want to reveal (do not
       set it at all if possible).


       Aliases file

       # Example aliases file

       # Send root to Joe and Jane
       root: joe_smith@example.com, jane_chang@example.com

       # Send cron to Mark
       cron: mark_jones@example.com

       # Send everything else to admin
       default: admin@domain.example

FILES

       SYSCONFDIR/msmtprc
              System configuration file. Use --version to find out what
              SYSCONFDIR is on your platform.

       ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
              User configuration file.

       ~/.netrc and SYSCONFDIR/netrc
              The netrc file contains login information. Before prompting for
              a password, msmtp will search for it in ~/.netrc and
              SYSCONFDIR/netrc.

ENVIRONMENT

       USER, LOGNAME
              These variables override the user's login name when constructing
              an envelope-from address. LOGNAME is only used if USER is unset.

       TMPDIR Directory to create temporary files in. If this is unset, a
              system specific default directory is used.
              A temporary file is only created when the -t/--read-recipients
              or --read-envelope-from option is used. The file is then used to
              buffer the headers of the mail (but not the body, so the file
              won't get very large).

       EMAIL, SMTPSERVER
              These environment variables are used only if neither --host nor
              --account is used and there is no default account defined in the
              configuration files. In this case, the host name is taken from
              SMTPSERVER, and the envelope from address is taken from EMAIL,
              unless overridden by --from or --read-envelope-from. Currently
              SMTPSERVER must contain a plain host name (no URL), and EMAIL
              must contain a plain address (no names or additional
              information).

AUTHORS

       msmtp was written by Martin Lambers <marlam@marlam.de>.
       Other authors are listed in the AUTHORS file in the source
       distribution.

SEE ALSO

       sendmail(8), netrc(5) or ftp(1)

                                    2021-03                           MSMTP(1)